Public SMS inboxes have emerged in which the website provides a phone number and displays all incoming messages on a public page.
These inboxes can be both privacy preserving and also represent a security risk.
For example, some users may sign up for “burner” accounts and use publiC SMS inboxes to avoid giving their real phone numbers to shady service providers in the knowledge that the burner account contains no personal information.
Others may not realise that such websites violate the security assumptions of the service provision (e.g if used as a 2FA).
The usage of such services has not been (to our knowledge) studied by the research community.
This project would seek to investigate how public SMS inboxes are used, and how this varies across service providers and phone numbers.
The student would establish web scraping infrastructure to build a dataset of SMS messages received by the public inboxes.
The student could then either proceed with manual or automated text analysis methods.
Alternatively, a student could audit how websites deal with these phone numbers.
For example, one might probe whether financial services allow user accounts registered with these numbers, which may represent a violation of Know Your Customer requirements.